What are the known attack / censorship vectors here, if any?

The Exocore system consists of the smart contracts on L1 chains and the Exocore protocol itself. The potential attack / censorship vectors are:

  • Attack on L1 chains:

    • DoS or censorship

      • Effect: users won’t be able to restake or withdraw tokens.

      • Mitigation: chain selection needs to be done based on selective criteria.

    • Smart contract exploit

      • Effect: users won’t be able to restake or withdraw tokens, or could be exposed to theft of tokens.

      • Mitigation: smart contracts implemented on each L1 chain have minimally complex business logic, which allows for simpler code, a smaller attack surface, and more reliable security audits.

  • Attack on the Exocore chain:

    • DoS or censorship

      • Effect: normal operations such as reward distribution or slashing could be delayed.

      • Mitigation: the Exocore network will have a decentralized validator set, as well as proper block proposer rotation and a censorship detection mechanism. With these in place, such an attack will be greatly mitigated and the delay to operations will be kept at an acceptable level (minutes at most).

    • PoS attack by controlling majority vote

      • 33% vote collusion

        • Effect: The Exocore chain will halt, which has a similar effect to a DoS attack, with a different duration.

        • Mitigation: Exocore itself will have a protocol-level slashing mechanism to prevent malicious behavior like this.

      • 66% vote collusion

        • Effect: The Exocore chain will be able to send a malicious transaction to client chains.

        • Mitigation: Exocore doesn’t have permission to transfer users’ assets to other addresses, so attackers won’t be able to benefit financially from such an attack. With a properly designed and implemented PoS consensus mechanism, such an attack can be mitigated. In the worst case, if such an attack does happen, then as with all other blockchains, the social consensus of the Exocore community can slash the attacker and recover assets with an honest network.
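
An added example, not Exocore's own code: given a validator set's voting power, it finds the fewest validators that would have to collude to reach each of the two thresholds above, which is one way to measure how decentralized the set is. It assumes a BFT-style rule in which a block commits only with more than 2/3 of voting power (the page does not specify the rule); the validator names and powers are constructed.

```python
from itertools import accumulate

# Constructed sample: validator name -> voting power (not real Exocore data).
SAMPLE_VALIDATORS = {
    "val-a": 300, "val-b": 250, "val-c": 150, "val-d": 100,
    "val-e": 100, "val-f": 60, "val-g": 40,
}

def can_halt(combined, total):
    # Assumed rule: a commit needs MORE than 2/3 of total power, so a
    # coalition withholding at least 1/3 leaves the rest unable to commit.
    return 3 * combined >= total

def can_commit_alone(combined, total):
    # Same assumed rule: strictly more than 2/3 commits without anyone else.
    return 3 * combined > 2 * total

def smallest_coalition(validators, reaches):
    """Return (names, share) of the fewest validators satisfying `reaches`.

    Taking validators largest-first is optimal: the top k always hold the
    most power any k validators can hold.
    """
    if not validators or any(p <= 0 for p in validators.values()):
        raise ValueError("need at least one validator, all with positive power")
    ranked = sorted(validators.items(), key=lambda kv: kv[1], reverse=True)
    total = sum(validators.values())
    running = accumulate(power for _, power in ranked)
    for count, combined in enumerate(running, start=1):
        if reaches(combined, total):
            return [name for name, _ in ranked[:count]], combined / total
    return None  # unreachable: the full set always satisfies both rules

def collusion_report(validators):
    """Coalition sizes for the page's two cases (33% halt, 66% control)."""
    halt_names, halt_share = smallest_coalition(validators, can_halt)
    ctrl_names, ctrl_share = smallest_coalition(validators, can_commit_alone)
    return {
        "halt": {"validators": halt_names, "share": halt_share},
        "control": {"validators": ctrl_names, "share": ctrl_share},
    }

if __name__ == "__main__":
    for case, result in collusion_report(SAMPLE_VALIDATORS).items():
        print(f"{case}: {len(result['validators'])} validators, "
              f"{result['share']:.1%} of voting power")
```

A small coalition size in either row means the stake is concentrated enough that the slashing and social-consensus mitigations above carry most of the weight.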
